The invention relates to data encryption, and in particular to a method of encrypting data utilizing an operating system according to the state of the application and supervisory definition.
With the popularity of the Internet and intranets, and the use of portable memory devices, document security has become a significant issue.
U.S. Pat. No. 6,249,866 discloses a data encryption method employing designation of a directory or a file to be encrypted. Any user, however, can demand the designation. In addition, encryption and decryption keys can be provided by any user. Thus, general users can easily obtain or copy plain text data without requiring authorization.
A document “Linux Encryption HOWTO” by Marc Mutz discloses a data encryption method wherein a security disk volume is presented.
In the method, encryption and decryption keys are obtained by general users. When sharing encrypted files, it is necessary to disclose the decryption keys to other users so that they can access the encrypted files. With the decryption keys, other users can easily decrypt the encrypted files stored in the security disk volume. Thus, the method cannot prevent risks to critical data.
In addition, if encrypted data in the security disk volume is copied to another volume, the data is first decrypted to plain text data.
U.S. Pat. No. 6,185,681 discloses another data encryption method providing encryption to electronic document management (EDM) systems without updating original EDM systems. A crypto server disclosed in the patent is responsible for the encryption functions.
FIG. 1 is a schematic diagram of the method. Memory a100 comprises application a11, EDM system a12, and crypto server a13. When application a11 issues commands comprising “close”, “save” or “save as” for a file, crypto server a13 saves corresponding events and determines whether to encrypt the file. If the file is to be encrypted, crypto server a13 encrypts the file and provides the encrypted file to EDM a12. EDM a12 then performs the corresponding “close”, “save” or “save as” operations for the encrypted file. When application a11 issues an “open” command for a file, crypto server a13 saves corresponding events and determines whether to decrypt the file. If the file is to be decrypted, crypto server a13 decrypts the file and provides the decrypted file to EDM a12. EDM a12 then performs the corresponding “open” command for the decrypted file.
Application a11 and EDM a12 must conform to the Open Document Management API (ODMA) standard. If application a11 or EDM a12 does not conform to the ODMA standard, crypto server a13 cannot save the above-described events. In addition, crypto server a13 may be removed without affecting the entire EDM system a12 and operation thereof. If crypto server a13 is removed, files managed by EDM system a12 cannot be automatically encrypted.
Hence, there is a need for a new data encryption method to ameliorate the problems described above.